Method and apparatus for secure delivery and rights management of digital content at an unsecure site

ABSTRACT

At a publisher location, multiple encrypted documents are assembled into a distribution archive that is also encrypted. The distribution archive is then downloaded into a content server at an unsecure site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents, which are then stored, in encrypted form, in a local document database. When a user logs into the local content server, a secure content viewer is downloaded to the user&#39;s browser. The content viewer requests a selected document from the local server, which then forwards the encrypted document to the viewer. The viewer then computes a document identifier from the encrypted document content and requests a key from the server with the identifier. The server then returns the requested key and the viewer decrypts that document and presents it in a display area controlled by the viewer.

FIELD OF THE INVENTION

This invention relates to electronic commerce and to methods andapparatus for distributing secure digital content to an unsecure site.

BACKGROUND OF THE INVENTION

Global distribution systems, such as the Internet, are increasinglybeing used for distribution of digital content that includes text andgraphic information encoded in a variety of formats. However, copyrightholders and publishers of such digital content have been slow to embracethe use of the Internet for distribution of digital content because ithas been difficult to control unauthorized copying and dissemination ofthe content once it has been delivered onto the Internet. In particular,once content has been placed in digital form and delivered to a user, itcan easily be copied, printed or forwarded to other users.

Thus, providers of digital content desire to establish a secure, globaldistribution system for digital content that protects the rights of thecontent's copyright holders. One prior art technique for controlling thedistribution of digital content is shown in FIG. 1. In this technique,unencrypted content is placed in a server farm that is located behind asecure firewall. A user, such as user 100 desiring access to the contentstored in database 106 logs in to the server 104 using a conventionalauthentication scheme, such as a password or subscription service. Onceconnected to the server 104, an authorized user 100 can view content andrequest a copy of that content as indicated by arrow 108. In response tothis request, the server 104 retrieves the information from the database104 as indicated schematically by arrow 110 and displays the content.

This conventional protection technique has several drawbacks. First,many users prefer to view the content with a conventional web browser.In order to display the content in such a browser, it is necessary todownload a digital version of the content, as indicated schematically byarrow 112. This digital version is typically stored, at leasttemporarily, in the computer, and can be printed or forwarded to otherusers. Therefore, in accordance with another prior art technique, inorder to view the content, the conventional browser must be equippedwith a plug-in, ActiveX components or another program which controls thebrowser and disables the printing function and prevents forwarding thecontent to unauthorized users. However, in order to use this system, itis necessary to first download and install the plug-in, the ActiveXlibraries or other program, before the content can be viewed. Inaddition, since the content is not encrypted when it is downloaded tothe browser, it can still be stored and then later printed or forwardedto other users.

Another conventional protection technique is called a “secure container”system. In this system, the content is delivered to the user in anencrypted form and is decrypted at the user's site by means of adecryption key. This technique provides a solution to protecting thedocument during delivery over insecure channels, but has the samedrawback as the firewall system in that the content must still bedecrypted in order to present it to the user. The decrypted content canbe stored and then later printed or forwarded to other users.

In both of these prior art systems, all of the content is located at thepublisher's location. Thus, multiple and often substantial downloadsfrom the publisher's location to the user's site are required for usersto access the content. In many cases, the users are connected to aninternal corporate network, or corporate intranet, that is, in turn,connected to the Internet by means of a firewall and this latterfirewall often interferes with the content downloads. Further, manycorporate entities find it desirable to manage the information at theirown sites using their own hardware and, in many cases, proprietarysoftware.

SUMMARY OF THE INVENTION

In accordance with the principles of the invention, a content server islocated at the user's site. This server delivers content locally tousers at the site and logs content access at the site. The server alsoprovides additional content encryption, log authentication, key transferand key management services to ensure the security and authenticity ofcontent data without substantially interfering with the user access.

Rather than downloading each content document on demand from thepublisher location to the user site, at the publisher location, eachcontent document is encrypted and then multiple encrypted documents areassembled into a distribution archive that is also encrypted. Thedistribution archive is then downloaded into the content server at theuser site. When the content server receives the distribution archive, itdecrypts the archive file and unpacks the encrypted documents, but doesnot decrypt each document. Instead, the encrypted documents are storedin encrypted form in a local document database.

In one embodiment, when a user logs into the local content server with aconventional browser, a secure content viewer that consists of an appletis downloaded from the local content server to the user's browser. Thecontent viewer requests a selected document from the local server byreferring to the document name or URL. The server retrieves theencrypted document from the local document database and forwards it tothe viewer in encrypted form. The viewer then computes a documentidentifier from the encrypted document content and uses the identifierto request a key from the server in order to decrypt the document. Thedocument identifier is computed so that it identifies the encryptedfile, but cannot be derived from the encrypted data in the file alone.

The key is forwarded from the server to the viewer, which then decryptsthe document and displays it in the viewer. Since the document isprocessed by the viewer and displayed only in a window associated withthe viewer, none of the conventional browser functions has to bedisabled. Further, since the document is downloaded in encrypted form,it cannot be stored or forwarded using the conventional browser.

In another embodiment, a document identifier for each document iscomputed at the publisher's location from the encrypted document contentand stored with the decryption key in an identifier/key list. Theidentifier/key list is stored in encrypted form in the distributionarchive and sent to the local content server at the user site along withthe encrypted document content.

In still another embodiment, the local content server logs contentaccess at the site including various user activities, such as login tothe system, registration, creation of a user profile and the reading andprinting of selected content documents. The logged activities are storedin a log file at the customer site. This log file is then sent to thepublisher in return for a distribution archive containing new content.The contents of the log file can be extracted by a reporting serverlocated at the publisher location, formatted and provided to a reportingclient.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and further advantages of the invention may be better;understood by referring to the following description in conjunction withthe accompanying drawings in which:

FIG. 1 illustrates a conventional content delivery system in whichunencrypted content is located behind a firewall in a publisher serverfarm.

FIG. 2 illustrates one embodiment of the invention in which a metricsserver located at a publisher's site receives requests for content fromthe publisher's server and delivers encrypted content to a viewerlocated in a user browser.

FIG. 3 is a block schematic diagram that shows a more detailed view ofthe viewer and the architecture of the metrics server.

FIGS. 4A and 4B, when placed together, form a flowchart showing thesteps of an illustrative process by which a user logins into to ametrics server, downloads and views content.

FIG. 5 is a block schematic diagram of apparatus for calculating anobject identifier.

FIG. 6 is a flowchart showing the steps of an illustrative process forcalculating an object identifier using the apparatus of FIG. 5.

FIG. 7 is a flowchart showing the steps of an illustrative process bywhich a metrics publishing tool prepares a single document fordistribution.

FIG. 8 is a block schematic diagram illustrating the major components ofa metrics publishing tool.

FIG. 9 is a block schematic diagram of apparatus for generating ascrambled text file.

FIG. 10 is a flowchart showing the steps of an illustrative process forgenerating a scrambled text file using the apparatus of FIG. 9.

FIGS. 11A and 11B are separate flowcharts that respectively illustratethe operation of the fragmenter and the text assembler of FIG. 9.

FIG. 12 is a block schematic diagram of an inventive contentdistribution system operating in distributed mode.

FIGS. 13A and 13B, when placed together, form a flowchart showing thesteps of an illustrative process performed by a metrics publishing toolfor encrypting documents in the preparation of a distribution archive.

FIGS. 14A and 14B, when placed together, form a flowchart showing thesteps of an illustrative process performed by a metrics publishing toolfor packaging the encrypted documents and identifying information into adistribution archive.

FIG. 15 is a block schematic diagram illustrating the major componentsof an update manager in a customer site server.

FIGS. 16A and 16B, when placed together, form a flowchart showing thesteps of an illustrative process performed by the update manager inlading and unpacking a distribution archive received by a customer siteserver.

FIG. 17 is a block schematic diagram of the major components of alogging apparatus, illustrating the signing of log entries.

FIG. 18 is a flowchart showing the steps of an illustrative process forsigning a log entry using the apparatus of FIG. 17.

FIG. 19 is a block schematic diagram illustrating the major componentsinvolved in creating a forwarding e-mail message and processing a URLreceived in a forwarding server.

FIG. 20 is a flowchart showing the steps of an illustrative process forprocessing a URL received in a forwarding server using the apparatus ofFIG. 19.

FIG. 21 is a block schematic diagram of an embodiment of the inventionin which a metrics server located at an application service providersite receives content from several publishers and requests for contentfrom the publisher's server and delivers encrypted content to a viewerlocated in a user browser.

FIG. 22 is a block schematic diagram of still another embodiment inwhich encrypted content data is stored locally on a user's computer andis decrypted and displayed in a secure viewer using decryption keys thatare downloaded from a networked server.

FIG. 23 is a block schematic diagram of yet another embodiment in whichencrypted content data, a secure viewer and encrypted decryption keysare stored locally on a user's computer.

DETAILED DESCRIPTION

The inventive content distribution system, which is called hereinafter a“metrics system”, can be configured to run in one of two modes,including a publisher-hosted mode and a distributed mode. In thepublisher-hosted mode, the entire distribution system is located at thepublisher's premises, whereas in the distributed mode portions of thedistribution system are located-on the user's premises. These modes aredescribed in more detail below. A content publisher chooses theconfiguration that best meets its desired business model, and deploys orconfigures the application software accordingly.

A block schematic diagram of the content distribution system configuredin the publisher-hosted mode is shown in FIG. 2. A user operating aworkstation 200 accesses the distribution system over a network througha conventional browser program. Browser programs that are suitable foruse with the invention include Microsoft Internet Explorer, Netscape,Opera or other Java 1.1 compatible browsers. Using the browser, the userrequests a document either by a file name or by a URL as indicatedschematically by arrow 208. This request is received in the publisher'slocation 202 by the publisher's content server 204. However, rather thanaccessing the content data 230 directly as in the prior art, thepublisher's content server 204 refers the request to a metrics contentserver 214 as indicated schematically by arrow 210. The metrics contentserver 214 provides access to the publisher's content stored in database230. It also creates a log file 216 that records various useractivities, including login to the system, registration, creation of auser profile and the reading and printing of selected content.

The contents of log file 216 can be extracted and formatted by a metricsreporting server 218 and provided to a reporting client 222 as indicatedschematically by arrow 220.

More specifically, the first time a user 200 accesses the metricscontents server 214, a registration file is created. This file includesuser identifying information, such as a user ID, and a password, thatthe user will utilize to access the system. This information is storedin a metrics user database 226 as indicated schematically by arrow 224.The information in the metrics user database 226 is used later toauthenticate users who are requesting access to the publisher content.

The metrics content server 214 interacts with a publisher contentdatabase 230 as indicated by arrow 228. Each piece of content in thepublisher content database 230 has been processed by encrypting thedocument and providing a unique identifier called an object identifier(OID) that uniquely identifies that piece of content. This processing isperformed by a metrics publishing tool 232 that receives the output ofthe publisher's conventional publishing process 234. The metricspublishing tool encrypts documents for distribution via the distributionsystem. The process takes content files (and optionally content metadatafiles) as input and generates an encrypted document package, documentidentifier and key data as output. The encrypted output is generated inone of two forms depending on the configuration of the distributionsystem.

Document level encryption is used when the metrics content server isrunning at the publisher's own trusted site. In this case, theencryption can be performed in a batch process in order to protectentire collections of content in a single off-line operation.Alternatively, individual files can be dynamically encrypted as they arerequested. Distribution level encryption can be used when a portion ofthe distribution system is running at a customer site. In thedistribution-level encryption model, the publisher performs batchprocessing on content to prepare encrypted bundles or archives thatcontain document collections. The archives can then be distributed tocustomers either on portable media, such as compact disks, or vianetwork downloads, for example, via the FTP protocol.

In either the publisher-hosted or the distributed modes, a user accessesthe content in the same manner. FIG. 3 shows a more detailed schematicblock diagram illustrating the system components involved in a typicalrequest and delivery of content. In this figure, a user at userworkstation 300 interacts with a metrics server 314 that could belocated at a publisher or user premises by means of a conventional webbrowser 340 running the work station 300. The steps involved in thisprocess are illustrated in FIGS. 4A and 4B which, when placed together,form a flowchart illustrating the request and delivery of content withthe inventive system.

As shown in FIG. 3, the metrics server 314 hosts a web server 352, whichactually performs the functions of login, registration and delivery ofencrypted content and corresponding decryption keys. This web server canbe a conventional web server that acts as a container for a collectionof servlets that actually perform the processing. Web server softwaresuitable for use with the present invention is the Tomcat web serveravailable from the Apache Software Foundation, 1901 Munsey Drive, ForestHills, Md. 21050-2747.

Servlets are programs that run within the web server and processrequests from an HTTP client. The servlet container that is bundled withthe Tomcat web server supports all servlet activity. In thisarchitecture, the servlet container provides the appropriate librariesto process requests. The servlet container contains four main servletsthat perform login, registration and content transfer. These include thelogin servlet 354, the register servlet 356, the request content servlet348 and the request key servlet 350. The operation of these servlets isdescribed in conjunction with the flowchart illustrated in FIGS. 4A and4B.

The content request and delivery process begins in step 400 and proceedsto step 402 where a user desiring a presentation of selected contentcontacts a publishing service or a web farm to request the content bymeans of a file name or URL or other identifier. In step 404, thisrequest is forwarded to the metrics server 314. In step 406, the metricsserver uses the login servlet 354 to determine whether the user haspreviously registered with the system. If not, the register servlet 356is used to update the user data files 326, create a user profile andregister the user as set forth in step 408.

After the user has been registered, the metrics server 314 downloads ametrics viewer applet to the web browser 340 operating in the userworkstation 300. The metrics viewer 342 is an applet that retrieves anddisplays secured contents from the metrics server 314. In oneembodiment, this applet is a Java applet that operates in conventionalbrowsers. The metrics viewer allows users to access content as they doin their familiar browser environments including reading, printing andemailing of content to other users while retaining control of thecontent. In a preferred embodiment of the viewer, the list of contentuse features can be changed by customization. For example, publisherspreferring not to allow printing can customize the viewer applet todisable or eliminate the printing feature. In general, the viewerprevents storage of content by preventing storage of the information tothe user's storage devices, such as a hard drive.

In one embodiment, the metrics viewer supports the following features:(1) navigation within individual articles and overall navigation fromarticle to article, (2) setting bookmarks to favorite articles, (3)e-mailing an article to a list of e-mail addresses, (4) printingselected articles, (5) logging into the metrics server and registeringwith the server, and (6) searching by means of a search engine locatedwithin the metrics server in installations that support serversearching. These operations are initiated by a viewer GUI that includesbuttons for each operation. These buttons are trapped so that useractivities can be logged as discussed below.

It should be noted that the content is only displayed in a window thatis controlled by the viewer and that the viewer does not use any of thestandard browser functions. Therefore, the standard browser buttons ormenu selections do not affect the display or manipulation of thedisplayed content and need not be disabled. For example, since thecontent is displayed only in a window controlled by the viewer,selection of the conventional print function in the browser will printonly the content portion displayed in the viewer window and not theentire content document.

After the viewer has been downloaded, the user can then use the viewer342 to locate desired content. A content article could be identified,for example, by document name or URL. In step 412, the metrics viewer342 interacts with the request content servlet 348, as indicatedschematically by arrow 346, to request a content document. The processthen proceeds, via off-page connectors 414 and 416, to step 418 wherethe request content servlet 348 uses the provided document name or URLto retrieve an encrypted content file from the content files database330. The metrics server then downloads the encrypted file to the metricsviewer 342.

As set forth in step 420, after the encrypted file has been completelydownloaded, the viewer 342 computes the OID for the document. Thiscontent identifier is calculated using the encrypted content itself.Although the content identifier can be calculated in many ways, it isimportant that the identifier cannot be calculated from the contentalone. Therefore, the content identifier is related to the content, butnot directly derivable from the content.

An exemplary architecture and process for calculating the OID are shownin FIGS. 5 and 6, respectively. The process begins in step 600 andproceeds to step 602 where a hash of a secret string 500 is calculatedwith a one-way hashing mechanism 504. The secret string is embedded inthe viewer code so that it is downloaded when the viewer is downloaded.The secret string may be obfuscated in the viewer code in a conventionalmanner to deter reverse engineering of the viewer code.

The one-way hashing algorithm used by mechanism 504 to create this hash,for example, may be an SHA-1 secure hashing algorithm as described inFIPS 180-1 at the web site located at URLhttp://www.itl.nist.gov/fipspubs/fip180-1.htm. Then, in step 604, a hashof the encrypted content item 502 is computed, using, for example, theSHA-1 hashing algorithm in one-way hashing mechanism 506. In step 606,the hash computed in step 602 is hashed with the hash computed in step604 using, for example, the SHA-1 algorithm again in hashing mechanism508. The process then ends in step 608. The resulting OID value 510 ismathematically likely to be unique to the particular encrypted file, andcannot be derived from the data in the file alone.

Returning to FIG. 4B, in step 422, the viewer requests a key fordecrypting the file using the OID computed from the encrypted content.In particular, the metrics viewer 342 sends the OID to the request keyservlet 350 as indicated schematically by arrow 344. The request keyservlet 350 retrieves a decryption key from the key database 358 usingthe OID to access the database. As set forth in step 424, the metricserver then downloads the requested decryption key corresponding to theOID to the metrics viewer 342. Next, as set forth in step 426, theviewer 342 uses the key to decrypt the encrypted content file. Finally,as set forth in step 428, the viewer 342 presents the plaintext contentfile in the web browser 340. The process then finishes in step 430.

In order to operate in the manner set forth in FIGS. 4A and 4B, thecontent files must first be encrypted and the OIDs generated. Asmentioned previously, the encryption is performed by a metricspublishing tool. The steps in this process are set forth in FIG. 7 andthe internal architecture of the tool is shown in FIG. 8. The metricspublishing tool is responsible for encrypting the publisher's contentand packaging it for distribution. The publishing tool could consist ofa command-line utility, controlled through configuration files.Alternatively, it is possible to customize the publisher's publishingenvironment so that the publishing tool is called through an applicationprogramming interface (API).

The publishing process involves encrypting content and providingidentifiers for the encrypted content, generating decryption keys andlinking the identifiers and the decryption keys so that the decryptionkey for a requested content document can be located. In order to providethe greatest level of flexibility and the highest level of security theencryption and key management implementations obey the followingprinciples:

-   -   1. All encryption algorithms used are established, popular        algorithms that are well-understood and believed to be strong.        Examples include the Blowfish algorithm, which is a symmetric        block cipher that takes a variable-length key, from 32 bits to        448 bits. This algorithm is described in an article entitled        “Description of a New Variable-Length Key, 64-Bit Block Cipher        (Blowfish)”, B. Schneier, Fast Software Encryption, Cambridge        Security Workshop Proceedings (December 1993), Springer-Verlag,        1994, pp. 191-204. Another example is the RSA public key        algorithm of which details are available in the Public Key        Cryptography Standard (PKCS #1) of RSA Laboratories at the web        site located at URL http://www.rsasecurity.com/rsalabs/pkcs/.        The encryption and key management implementation does not rely        on particular assumptions about any of the algorithms that it        uses; that is, another algorithm, such as the Advanced        Encryption Standard (AES, details available at        http://csrc.nist.gov/CryptoToolkit/aes/rijndael/), could be        substituted for the Blowfish algorithm, an elliptical public key        algorithm could be substituted for the RSA public key algorithm,        and so on.    -   2. All keys are exchanged with a secure protocol. Such a        protocol is the Diffie-Hellman key exchange protocol that is        described in PKCS #3 available at RSA Laboratories at the web        site located at URL http:/www.rsasecurity.com/rsalabs/pkcs/.    -   3. Encrypted content and its decryption key are never stored or        delivered together in the same file or transmission. The        decryption key for a content package is delivered either at a        different time from the content package, or through a different        channel.    -   4. The relationship between an encrypted content item and its        decryption key is never stored. If an encrypted object has an        identifier, then the number for its decryption key is derived        through a cryptographically strong algorithm. In one embodiment,        this algorithm is a variant of a one-way hash such as the        aforementioned SHA-1 hash.    -   5. The system uses as few explicit identifiers as possible. For        example, the identifier for a content item is not stored        anywhere in the system; instead, the content identifier is        calculated from a variant of the encrypted form of the content        using a secure hash.    -   6. There are no plaintext strings in the program object code        that can be used directly to compromise the security of the        content.

FIGS. 7 and 8 illustrate the operation of a publishing tool 800 in thepreparation of a content package that includes a single document fordistribution. This process starts in step 700 and proceeds to step 702where the publishing tool 800 receives a content document 802 as input.A determination is made whether the content document contains text. Forcontent items containing text, in addition to performing the normalprocessing, the publishing tool 800 contains a text scrambler 812 thatperforms special processing to create a scrambled, indexable version ofthe content as set forth in step 706. This processing is described indetail below. The process then continues with the remainder of thenormal processing.

Next, in step 704, the publishing tool 800 uses a file compressor 806 tocompress the content file using a conventional compression algorithm.For example, “Flate” compression is suitable for use with the inventionand is described in detail at the website located at URLhttp://www.gzip.org/zlib/.

After compressing the file, the publishing tool 800 uses a key generator808 to generate a unique content key in step 708. For example, in oneembodiment, the key generator 808 could operate with the Blowfishalgorithm and this key would be a 128-bit Blowfish key. Next, in step710, the publishing tool 800 uses an encryption engine 814 to encryptthe content item with this unique key. Then, in step 712, the publishingtool 800 uses an OID calculator 816 to calculate a content identifierfor the encrypted content item. This content identifier is calculatedfrom the encrypted content by the same algorithm used by the viewer anddescribed in connection with FIGS. 5 and 6. In this case, the samesecret string embedded in the viewer code is also embedded in the servercode.

Returning to FIG. 7, the OID is stored with the decryption key for thecontent item. In step 714, the content key is encrypted using the keyencryptor 810 with a secret key that is unique to the server. Thislatter encryption prevents the content key from being discovered bysearching the server files. The resulting outputs 804 are then stored inthe content database 230 (FIG. 2). The process then finishes in step716.

As mentioned above, an important feature of the inventive system is theability to offer text content in a format in which it can be indexed bythird-party search utilities and yet not be available as plaintext. Thetext scrambler 812 uses a process called “content scrambling” to producean “indexable version” of a composite content file. This process isillustrated in FIGS. 9, 10, 11A and 11B. The process starts in step 1000and proceeds to step 1002 where the text scrambler receives a compositecontent file 900 that may contain text and graphics. The text scrambleruses a stripper 902 to remove any formatting information and graphics,producing a stream of plain text. Thus, the text scrambler can handlemixed text and graphic formats such as HTML, Adobe PDF, and MicrosoftOffice documents.

Next, in step 1004, the text scrambler uses a parser 904 to parse theplain text stream into words. The parsing can be performed in a knownmanner by using delimiters such as spaces, tabs, etc. to divide the textstream into words. The parser 904 then removes the most common wordsfrom the content stream. Such words include common articles, such as“the”, “a” and “an”, conjunctions, such as “and” and “or”, and othercommon words. In step 1006, a fragmenter 906 breaks the parsed contentstream up into random two to five word phrases.

The operation of the fragmenter 906 is shown in FIG. 11A. This operationbegins in step 1100 and proceeds to step 1101 where a determination ismade whether there is more text to be processed. If not, the processends in step 1109. Assuming there is more text to be processed, then, instep 1102, a pseudo random integer equal to, or greater than, two andless than, or equal to, five is generated in a conventional fashion. Instep 1104, a number of words equal to the generated pseudo random numberare selected from the stream and the selected words are assembled into aphrase in step 1106. The assembled phrase is streamed out in step 1108.The process then returns to step 1102 where a new phrase is generatedstarting by generating a new pseudo random number in step 1102. Steps1104 to 1108 are then performed to generate a new phrase. Operationcontinues in this fashion until the entire text stream has beenprocessed.

Returning to FIG. 10, in step 1008, the phrases generated by thefragmenter 906 are assembled by stream assembler 908 in random orderinto an unpunctuated text stream. The manner in which this text streamis assembled is shown in FIG. 11B.

As illustrated in FIG. 11B, the incoming phrases are assembled into“blocks”, each of which comprises a fixed, predetermined number ofphrases. In particular, the assembly process starts in step 1110 andproceeds to step 1112 where a fixed number of 2-5 word phrases generatedby the fragmenter 906 are assembled into a first block.

Proceeding to step 1114, the process then shifts the first block intothe second block. In step 1116, the fixed number of phrases is againassembled into the first block. At this point there exist two blocks,both holding the same fixed number of phrases, although the phrases ineach block could be of different word lengths. The phrases in the firstblock are then paired with the phrases in the second block. For example,a phase in the first block can be paired with a phrase in thecorresponding location in the second block. Next, a check is made instep 1120 to determine whether all phrase pairs have been processed. Ifnot, the process proceeds to step 1122 where the next unprocessed phrasepair is selected. In step 1124, a pseudo random number is generated forthe phrase pair.

In step 1126, the generated pseudo random number is compared to apredetermined threshold. If the generated pseudo random number isgreater than the threshold, then, in step 1128, the phrase in the firstblock is swapped with the phrase in the second block. The process thenreturns to step 1120 where a decision is made whether all pairs havebeen processed. Alternatively, if the generated pseudo random number isless than the threshold, then the process returns directly to step 1120.

If, as determined in step 1120, all phrase pairs have been processed,then in step 1118, the second block is streamed out. In step 1130, adecision is made whether additional phrases remain to be processed. Ifnot, the process finishes in step 1132. Alternatively, if additionalphrases remain to be processed, then the process returns to step 1114 inwhich the first block is shifted into the second block and, in step1116, the first block is filled with the predetermined number ofphrases. Operation continues in this fashion until all text phrases havebeen processed.

The resulting stream contains nearly all of the words in the originalcontent, and most of the phrases, but cannot be read. This unpunctuatedtext stream is enclosed in a simple HTML file 910 and stored inunencrypted form on the content server where it will be exposed tothird-party indexing utilities. These utilities are allowed to crawl thecontent distribution to build an index of the content. Searching onparticular words or phrases will still return most of the same hits asthe unscrambled content. However, simply navigating straight to thetarget file will display to the user a scrambled content file thatcannot be read.

When scrambled content is indexed by web-crawling search engines, suchas Google™, the inventive distribution system returns the scrambledcontent. However, when a user uses a browser to link from the searchengine to the indexed page, the publisher may prefer to present to theuser an e-commerce page containing an unscrambled article extract and anoffer to provide the entire, unscrambled article for a purchase price.There are a number of effective techniques to direct the user to thepublisher when the user links to the page. For example, browsers andsearch engines requesting a resource typically supply to the web servera “user agent” parameter that specifies the browser that is requestingthe resource. A web server can examine the user agent parameter, andsupply the scrambled content to requests containing user agent valuesthat correspond to search engines. Alternatively, the web server canreturn the publisher's e-commerce page to requests containing user agentvalues corresponding to browsers.

It is also possible to accomplish the same result by ending thescrambled HTML page with a call to a JavaScript routine that loads thepublisher's e-commerce page. In this case, a user at a browser will seethe e-commerce page immediately after the scrambled page loads. On theother hand, a search engine will ignore the JavaScript and process onlythe scrambled page. For cosmetic reasons, the scrambled page in thisapproach can also be defined to hide the scrambled text from the enduser.

As previously mentioned, the inventive content distribution system canalso operate in a distributed mode in which content is provided to usersat a customer site from a content server that is also located at thecustomer site. Such a configuration is shown in FIG. 12. In thisconfiguration, a content server 1204 is located at a corporate site 1202attached to a corporate intranet or other corporate network. Anadditional content server 1206 may also be located at the publisher site1200 to provide controllable and trackable content forwarding as willhereinafter be described. The customer site content server 1204 can alsoprovide content searching capabilities using a conventional searchengine such as the Apache Lucene open-source search engine. The contentis indexed at load time, using the scrambled text files generated asdescribed below.

The content server 1204 at the customer site manages clients and usersat the customer site, performs secure key exchanges with authenticatedclients and logs all usage events for later upload to a metricsreporting server. Contrary to the publisher-hosted mode, content isdistributed from the publisher's site to the user content server, asindicated schematically by arrow 1216, in blocks of content documentscalled content distribution archives. Archives might be distributed tocustomer sites in return for log file information gathered at thecustomer site as indicated schematically by arrow 1218. The return oflog information from the customer site allows the publisher to trackcontent usage at the customer site and to track content forwarding asdescribed below.

As well as containing encrypted documents, the distribution archive isitself encrypted. Consequently, the customer site content server 1204must unpack the archive and store the encrypted content and keys in theencrypted content database 1234 as schematically indicated by arrow1238. In order to decrypt the archive during the content loadingprocess, the customer site content server 1204 uses a “scheduled key” todecrypt the archive. The scheduled key for an archive is contained in aprevious archive file that was received by the customer. The first timethat content is loaded into the customer site server 1204, the scheduledkey must be obtained from the publisher, as described below.

In addition to containing the encrypted content files, the archivecontains various keys and an OID to decryption key mapping. The OID/Keymapping is also encrypted with the scheduled key. During the unloadingprocess, the encrypted content files are extracted, but not decrypted.The encrypted files are stored in database 1234 and still bear the samenames that they did before encryption, but there is no explicitcross-reference between the encrypted files and their decryption keys.In order to find the key that decrypts a given file name, the serverreceives an OID for the file from a client who is requesting content,then uses the received OID to look up the corresponding key in theOID/Key mapping. The unloading process is described in more detailbelow.

The customer site server 1204 acts as a conventional server in aclient/server application, performing password-based authentication andstoring user data in the metrics user database 1232 as indicatedschematically by arrow 1236. Data is transferred from the client to theserver using the regular HTTP protocol; in cases where the data issecure, encryption is applied to the HTTP payload, rather than using asecure protocol such as SSL. Each client, of which clients 1220-1224 areshown in FIG. 12, can contact the server 1204 as indicated schematicallyby arrows 1226, 1228 and 1236, respectively, and retrieve content usinga process similar to that illustrated in FIGS. 4A and 4B and describedin connection with the publisher-based system of FIGS. 2 and 3.

In order to package content documents into a content archive, thepublisher uses the publishing tool described above in connection withFIG. 8 that follows the process set forth in FIGS. 13A, 13B and 14A,14B. The process set forth in FIGS. 13A and 13B illustrates an exemplaryprocess for encrypting the content files. The process set forth in FIGS.14A and 14B shows an exemplary process for packaging the encryptedcontent files into a distribution archive.

Generally, the publisher's normal content preparation workflow resultsin a collection of content files, content files and directories, orcompressed content file archives in a location known to the preparationprogram and specified in a configuration file. Publishers can elect toprepare separate distributions for every customer, with, if desired,different content subsets for each. In this case, a separateconfiguration file is maintained for each customer. The contentpreparation process starts in step 1300 and proceeds to step 1302 wherethe publishing tool examines each file in the content directories, or inthe compressed content file archive in a location specified in thecustomer configuration file. In step 1304, a determination is madewhether any files remain to be processed. If all files have beenprocessed, then the process ends in step 1306.

Alternatively, if files remain to be processed, for each content item inthe content collection, the publishing tool extracts the file as setforth in step 1308. Then the file is examined and, in step 1310, adetermination is made whether the file contains text. For content itemscontaining text, in addition to performing the normal processing, thepublishing tool contains a text scrambler 812 that performs specialprocessing to create an indexable version of the content as set forth instep 1314. This processing is described in detail above in connectionwith FIGS. 9, 10, 11A and 11B. After generating the scrambled file, theprocess proceeds, via off-page connectors 1322 and 1328, to step 1338where the scrambled file is added to the distribution archive package asdescribed below.

Next, in step 1312, the content file is compressed in the filecompressor 806 using, for example, the aforementioned Flate compressionalgorithm. Then, in step 1316, a key generator 808 in the publishingtool 800 generates a unique 128-bit content encryption key, using, forexample, the aforementioned Blowfish algorithm. The process proceeds,via off-page connectors 1320 and 1326 to step 1330 where the publishingtool 800 encrypts the compressed content item with the unique contentkey generated in step 1316 using the encryption engine 814.

The publishing tool 800 then calculates a content identifier for thecontent item as set forth in step 1332 with the OID calculator 816. Thisprocess is described above in connection with FIGS. 7 and 8. Theresulting value is mathematically likely to be unique to the particularencrypted file, and cannot be derived from the data in the file alone.The OID is used as the content identifier, and is stored with anencrypted content key for the content item.

Then, in step 1334, the content key is encrypted with the key encryptor810 using the aforementioned Blowfish algorithm. Then, in step 1336, thecomputed OID and the encrypted content key are appended to a cachecorresponding to the archive file. Specifically, the publishing toolcaches a list of keys and OIDs as it encrypts every content file. Thiscache is called an OID/Key mapping.

After each content item is encrypted in step 1330, the resultingencrypted data is stored in a compressed file, the distribution archive,under the same name and in the same relative position: under the archiveroot as the position of the original file in the original content file.This is accomplished in step 1338. The process then returns, viaoff-page connectors 1324 and 1318 back to step 1304 to determine ifadditional files need to be processed. Operation continues in thismanner until all files have been processed. The result is an archivefile containing encrypted content files and an OID/Key mapping for eachfile. These two files are then packaged into the final distributionarchive by the process shown in FIGS. 14A and 14B.

There are two slightly different processing flows for content packaging,depending on whether a particular subscription or distribution (to aparticular customer or group of customers) is the first distribution tothat customer or is a subsequent distribution to that customer. Inparticular, during the packaging process, the OID/Key mapping isencrypted with the aforementioned scheduled key. A new scheduled key isincluded with each distribution archive. This new key will be used todecrypt the next distribution archive received by the customer.Therefore, the first time a particular customer receives a distributionarchive, the customer will not have the scheduled key and it will benecessary to send the required key to the customer. After the firstdistribution archive has been received, the customer will have thescheduled key that was delivered in the previous distribution archive.

The packaging process begins in step 1400 and proceeds to step 1402where a decision is made whether the customer to which the archive isbeing sent already has the scheduled key. If this is not the firstdistribution, then the process proceeds to step 1410, which is discussedbelow. If the intended customer does not have the scheduled key, theprocess proceeds to step 1404 where the publishing tool 800 generates anew scheduled key using the key generator 808. For example, this key maybe a 128-bit Blowfish key. In step 1406, this new scheduled key isencrypted using the key encryptor 810 and, for example, the Blowfishalgorithm and a secret key internal to the server. This encrypted key isnot added to the archive, but it is stored in a separate file. Theencryption prevents the scheduled key from being discovered by searchingthe server files. The unencrypted key is also sent to the customer via achannel that is separate from the channel used to send the distributionarchive. For example, the scheduled key may be e-mailed to the customeras set forth in step 1408.

When the distribution archive is to be packaged, in step 1410 thescheduled key is retrieved from storage and decrypted using the secretserver key. The process then proceeds, via off-page connectors 1412 and1414, to step 1416 where the publishing tool 800 encrypts the OID/Keymapping using the encryption engine 814 with the scheduled key beforeadding the mapping to the distribution archive in step 1418.

The publishing tool in step 1420 generates yet another key using the keygenerator 808 (for example, a 128-bit Blowfish key), called the newscheduled key. This new scheduled key is stored in the distributionarchive in step 1422 and will be used by the customer to decrypt thenext distribution archive that is received. Next, in step 1424, thescheduled key is used to encrypt the entire distribution archive usingthe encryption engine 814. The new scheduled key is also encrypted witha secret server key in step 1426 and stored in a configuration file forthe customer in step 1428. The process then ends in step 1430. At thispoint, the distribution archive is complete and ready for publication toits customer or customers.

The use of the scheduled keys and next scheduled keys builds a chain ofdistribution files. However, if a customer misses a distribution orloses a distribution archive file, it will be impossible for thecustomer to load any subsequent distribution archive files. If thisoccurs, the customer must contact the publisher and request a newdistribution. The publisher then creates a “first-time” distributionarchive, with its explicit scheduled key, and transfers the archive andthe scheduled key to the customer via separate channels (for example,the archive can be sent via FTP and the key can be sent via e-mail).

Returning to FIG. 12, when the customer site server 1204 receives adistribution archive it must “unpack” the archive before users canaccess the content therein. The unpacking process is performed by anupdate manager and is illustrated in FIGS. 15, 16A and 16B. FIG. 15illustrates the internal architecture of the update manager 1500 in moredetail. The process begins in step 1600 and proceeds to step 1602 wherethe update manager 1500 uses a key decryptor 1502 to decrypt thescheduled key received with the distribution archive file that waspreviously received. Then, in step 1604, the decrypted new scheduled keyis used in the decryption engine 1508 to decrypt the distributionarchive file. The resulting decrypted file contains the encryptedcontent files, the scrambled content files, an encrypted OID/Key listand an encrypted new scheduled key.

In step 1606, the manager 1500 uses a file decompressor 1516 to extractthe encrypted content files 1522. These files 1522 are then stored inthe content database 1234 located at the customer site. Next, as setforth in step 1608, the file decompressor 1516 is used to extract thescrambled content files 1524. These files 1524 are then stored in thecustomer site server in a location at the customer site that will beaccessible to third party search engines.

In step 1610, the file decompressor 1516 is used to extract theencrypted OID/Key list 1526 from the distribution archive file. AnOID/Key list decryptor 1528 decrypts the OID/Key list using the newscheduled key obtained in step 1602. The process then proceeds, viaoff-page connectors 1614 and 1616, to step 1618 where the OID/Key map1506 already existing in the customer site server is checkpointed usingcheckpointer 1510. The checkpointer 1510 establishes a base state of themap before changes are made so that the map can be returned to itsoriginal state if errors occur during the addition of the new OID/Keyvalues received in the archive file.

The existing OID/Key map is then cloned by cloner 1512 in step 1620 toproduce a map clone 1518. The new OID/Key entries produced by theOID/Key list decryptor 1528 are then added to the map clone 1518 in step1622. In step 1624, the checkpointer 1510 is used to checkpoint the mapclone 1518. If the checkpointing succeeds, then, in step 1626, the mapclone with the added entries 1518 is adopted by overwriting the existingOID/Key map 1506 in step 1626 and as schematically illustrated by arrow1514. Finally, in step 1628, the file decompressor 1516 is used toextract the new scheduled key 1520 from the distribution archive filefor use in decrypting the next distribution archive file. The processthen ends in step 1630.

Returning to FIG. 12, the client site server 1204 logs all clientactivity that occurs at the customer site in a plaintext log file 1240as indicated schematically by arrow 1242. Such activity could includeaccessing and opening a document, selecting a document, searching orprinting a document. The log file 1240 is kept in plaintext so thatprivacy-conscious customers are able to verify that the log file doesnot report confidential data. In order to reduce the possibility of filecorruption or deliberate modification, the logging apparatus in theserver signs each log file entry according to the process illustrated inFIGS. 17 and 18. The process starts in step 1800 and proceeds to step1802 where the logging apparatus 1700 generates a sequential sequencenumber by means of the sequence number generator 1702. This number mightbe a sequential integer. Then, in step 1804, the generated sequencenumber is appended to the current log record 1706, (which includes thelog record data 1706 and the timestamp 1708) by the appender 1704.

Next, in step 1806, the logging apparatus 1700 uses a signaturegenerator 1720 to generate a message authentication code (MAC) 1718based on the sequence number 1710 appended to the current log record1712, the current log record data 1712, the timestamp 1716 of thecurrent log record and the sequence number 1722 appended to the previouslog record 1724. This signature 1718 is then appended to the current logrecord 1712 in step 1808. A MAC is an alternative to digital signaturesfor ensuring data integrity when the protected data is stored locally orwhen sender and recipient share a secret string or key. A MACcomputation is similar to hashing, except that a key is used in thecomputation so that only someone who knows the key can create or verifya MAC.

In a preferred embodiment, the MAC can be generated by an algorithmcalled a salted hash algorithm. A salted hash algorithm is a secure hashthat has been pre-populated with a secret string. Illustratively, thesecure hash algorithm can be the SHA-1 secure hash algorithm discussedabove. Other algorithms, such as the SHA-256 or SHA-512 algorithms,could also be used. In addition, other alternative embodiments could useDSS or other signature standards, such as HMAC, instead of the saltedhash algorithm. The secret string is known only to the publisher so thatonly the publisher can verify the MAC.

Finally, the entire log entry 1714 is entered into the log in step 1810.The process then finishes in step 1812.

In accordance with another aspect of the invention, in the distributedmode, a client can “forward” a content document to one or more recipiente-mail addresses, including addressees who are not part of the client'scorporate network. This forwarding process allows the recipients toaccess the specified content without losing the content protection. Italso allows the inventive distribution system to track usage activity ofrecipient users in the same fashion as previously-registered users. Thisprocess is illustrated in FIGS. 19 and 20. An overall view of theprocess is illustrated in FIG. 19. The steps in receiving and processingthe content document identification information from the e-mailrecipient are shown in FIG. 20.

The process begins when a user logged into a customer site server (forexample server 1204, FIG. 12) at a customer site 1900 uses the metricsviewer operating in his browser to send an e-mail to another user inorder to “forward” a selected content document. The metrics viewercommunicates to the customer site server 1204 to prepare an email with alink to the original publisher site 1902. The customer site server 1204uses a sender ID generator 1904 to generate a sender ID. Generally, thesender ID would be a text string identifying the sender and the sender'scorporate network. Next, the server 1204 uses a recipient ID generator1906 to generate a recipient ID. Generally, the recipient ID would be atext string identifying the recipient and the recipient's corporatenetwork.

Then, the server 1204 uses a document ID generator 1908 to generate anID identifying the content document that will be forwarded. This contentID might be the document name or URL. A concatentator 1910 concatenatesthe three IDs and the ID information is encrypted with an encryptor1912. In one embodiment, this latter encryption might be RSA public keyencryption using the public key of the publisher site that originatedthe content document. The encrypted ID string is then inserted into aURL that appears as a link when the e-mail arrives in the recipient'se-mail program or browser Subsequently, the e-mail 1918 is sent to therecipient.

When the recipient clicks on the link to the publisher in the e-mail, asupported browser is opened and the browser navigates to a “forwarding”metrics server in the publisher's site. This server might be server 1206in publisher site 1200 as shown in FIG. 12. During this process, the URLin the e-mail is sent to the server and processed as set forth in FIG.20. The server then downloads the metrics viewer described previouslyinto the recipient's browser and launches the viewer as hosted by theserver. The recipient then logs into the server 1206 and registers inthe fashion described above.

Processing of the URL received at the forwarding server 1206 starts instep 2100 and proceeds to step 2102 where the URL is received from thee-mail recipient. In step 2104, the forwarding server at the publishersite 1902 uses an extractor 1920 to extract the ID information from theURL. Next, in step 2106, a decryptor in the forwarding server decryptsthe ID information using the private key of the public/private key pairin the publisher site. Then, in step 2108, a document ID extractorextracts the document ID from the decrypted ID information. Theforwarding server uses the document ID to locate the encrypted documentinformation in the encrypted content database 1234. The encryptedcontent information and accompanying OID are then sent to the e-mailrecipient's metrics viewer as set forth in step 2110. The process thenfinishes in step 2112. Operation then proceeds as set forth in FIGS. 4Aand 4B.

The forwarding server 1206 can also log the sender's and recipient's IDinformation in a local log file 1208 as indicated schematically by arrow1210. In this manner the forwarding of content can be tracked. Theinformation in log file 1208 and the information in log file 1240 canthen be provided to a metrics reporting server (not shown in FIG. 12)that catalogs and formats the information to prepare reports.

A block schematic diagram of another embodiment of the inventive contentdistribution system is shown in FIG. 21. In this embodiment, the metricsserver 2206 is hosted by a third party, called an application serviceprovider 2204. One or more publishers, 2330, 2232, periodically uploadnew content to the application service provider 2204 using conventionalmeans, such as CDs or network transfers, as indicated schematically byarrows 2226 and 2228, respectively. Content received from the publishersat the application service provider 2204 is processed by a publishingtool 2224 located at the application service provider location 2204 inorder to generate encrypted content. The encrypted content is stored indatabases 2218 at the application service provider location 2204, asindicated schematically by arrow 2222.

In this embodiment, a document identifier is computed by the metricsserver 2206 at the application service provider site 2204 from theencrypted content and stored with a decryption key. Users 2200 and 2202interested in receiving the content log into the metrics server 2206 atthe application service provider site 2204 as indicated schematically byarrows 2208 and 2210, respectively. As indicated schematically by arrow2214, the metrics server 2206 retrieves user information and profilesfrom the metrics user database 2212 located at the application serviceprovider site 2204 and uses this information to log in the users asdescribed above. During the login procedure, secure content viewersoftware (not shown in FIG. 21) is downloaded into the user's localbrowser. In order to access the content, the content viewer requests aselected document from the application service provider server 2206 byreferring to a document name or URL. As indicated schematically by arrow2216, the server 2206 retrieves the document from the content database2218 and forwards it to the viewer in encrypted form. The viewer thencomputes a document identifier from the encrypted document content anduses the identifier to request a key from the server 2206 in order todecrypt the document. The key is forwarded from the server 2206 to theviewer, which then decrypts the document and displays it in the viewer.

The metrics server 2206 at the application service provider site 2204can also generate a usage log 2220 in order to track login to thesystem, registration, creation of a user profile and the reading andprinting of selected content.

Still another embodiment is illustrated in FIG. 22. In this embodiment,a user can elect to store encrypted content in a database 2314 locatedon his or her computer 2304. For example, the content may be deliveredfrom a publisher site 2302 by conventional means, such as CDs or DVDs.In order to view the content, the user must log in to a metrics keyserver 2316 located at the publisher's site 2302 or another centrallocation using a conventional browser 2304, as indicated schematicallyby arrow 2308. During the login procedure, the secure content viewersoftware 2306 is downloaded over the network into the user's browser2306 as indicated schematically by arrow 2310. In response toinformation from the user identifying a document, the content viewer2306 reads the encrypted content from the local database 2314, andcomputes a document identifier from the encrypted content in a mannerpreviously discussed. The viewer 2306 then sends the document identifierto the key server 2316 in order to retrieve decryption keys from the keydatabase 2318. The decryption keys are then used to decrypt theencrypted content in the secure viewer software 2306.

Still another embodiment is illustrated in FIG. 23 in which encryptedcontent data is stored in a local database 2410 on the user's computer2400. The secure content viewer software 2404 is also stored on theuser's computer 2400. Decryption keys along with document identifiersmay also be stored in a key database 2412 in encrypted form on theuser's computer. For example, the decryption keys may be encrypted witha key that is embedded in the viewer software 2404. Alternatively, thedecryption keys may be retrieved from a networked key server (not shownin FIG. 24) as described in the previous embodiment. In response toinformation from the user identifying a document, the content viewer2404 reads the encrypted content from the local database 2410, andcomputes a document identifier from the encrypted content in a mannerpreviously discussed. The viewer 2404 then retrieves an encrypteddecryption key from the local key database 2412. The decryption keys arethen used to decrypt the encrypted content in the secure viewer software2404.

A software implementation of the above-described embodiment may comprisea series of computer instructions either fixed on a tangible medium,such as a computer readable media, for example, a diskette, a CD-ROM, aROM, or a fixed disk, or transmittable to a computer system via a modemor other interface device over a transmission path. The transmissionpath either may be tangible lines, including but not limited to, opticalor analog communications lines, or may be implemented with wirelesstechniques, including but not limited to microwave, infrared or othertransmission techniques. The transmission path may also be the Internet.The series of computer instructions embodies all or part of thefunctionality previously described herein with respect to the invention.Those skilled in the art will appreciate that such computer instructionscan be written in a number of programming languages for use with manycomputer architectures or operating systems. Further, such instructionsmay be stored using any memory technology, present or future, including,but not limited to, semiconductor, magnetic, optical or other memorydevices, or transmitted using any communications technology, present orfuture, including but not limited to optical, infrared, microwave, orother transmission technologies. It is contemplated that such a computerprogram product may be distributed as a removable medium withaccompanying printed or electronic documentation, e.g., shrink wrappedsoftware, pre-loaded with a computer system, e.g., on system ROM orfixed disk, or distributed from a server or electronic bulletin boardover a network, e.g., the Internet or World Wide Web.

Although an exemplary embodiment of the invention has been disclosed, itwill be apparent to those skilled in the art that various changes andmodifications can be made which will achieve some of the advantages ofthe invention without departing from the spirit and scope of theinvention. For example, it will be obvious to those reasonably skilledin the art that, in other implementations, process operations differentfrom those shown may be performed. Other aspects, such as the specificprocess flow and the order of the illustrated steps, as well as othermodifications to the inventive concept are intended to be covered by theappended claims.

1. A method for rights management of digital content and secure deliveryof digital content documents from a publisher site to an unsecure site,the method comprising: (a) encrypting each digital content document atthe publisher site with a key to generate encrypted document content;(b) computing for each document, from the encrypted document content forthat document, a document identifier that cannot be derived solely fromthe encrypted version of the requested document; (c) creating a list ofdocument identifier and decryption key pairs; (d) assembling theencrypted document content for each content document and the list into adistribution archive; (e) encrypting the distribution archive with ascheduled key; (f) installing a content server at the unsecure site; and(g) sending the distribution archive from the publisher site to thecontent server.
 2. The method of claim 1 wherein step (a) comprisescompressing each document before encrypting the document.
 3. The methodof claim 1 wherein step (b) comprises computing a document identifierfrom the encrypted document content and a text string at the publishersite.
 4. The method of claim 1 further comprising: (h) at the unsecuresite, decrypting the distribution archive with the scheduled key,extracting the encrypted document content and storing the encrypteddocument content in a storage located at the unsecure site.
 5. Themethod of claim 4 wherein a user at the unsecure location accesses thecontent server from a browser and wherein the method further comprises:(i) downloading a secure viewer program into the browser; (j) using theviewer program to request a document from the content server; (k)downloading an encrypted version of the requested document from thecontent server to the viewer; and (l) using the viewer to calculate adocument identifier from the encrypted version of the requested documentand to send the document identifier to the content server.
 6. The methodof claim 5 further comprising: (m) using the document identifier in thecontent server to retrieve a decryption key from the list anddownloading the decryption key to the viewer program; and (n) using thedownloaded key in the viewer program to decrypt the encrypted version ofthe document and present the document to the user.
 7. The method ofclaim 1 further comprising: (h) monitoring content access at theunsecure site; and (i) creating a log file at the unsecure site from themonitored activities.
 8. The method of claim 7 further comprising: (j)sending the log file to the publisher site in return for a distributionarchive containing new content.
 9. The method of claim 8 furthercomprising: (k) extracting the contents of the log file at the publishersite; (l) formatting the extracted contents and providing a report fromthe formatted contents to a reporting client.
 10. The method of claim 7wherein step (h) comprises monitoring user activities including login tothe system, registration, creation of a user profile and the reading andprinting of selected content documents.
 11. Apparatus for rightsmanagement of digital content and secure delivery of digital contentdocuments from a publisher site to an unsecure site, the apparatuscomprising: means for encrypting each digital content document at thepublisher site with a key to generate encrypted document content; an OIDcalculator that computes for each document, from the encrypted documentcontent for that document, a document identifier that cannot be derivedsolely from the encrypted version of the requested document; means forcreating a list of document identifier and decryption key pairs; meansfor assembling the encrypted document content for each content documentand the list into a distribution archive; an encryptor that encrypts thedistribution archive with a scheduled key; means for installing acontent server at the unsecure site; and means for sending thedistribution archive from the publisher site to the content server. 12.The apparatus of claim 11 wherein the means for encrypting each digitalcontent document comprises a compressor that compresses each documentand an encryption engine that encrypts the compressed document.
 13. Theapparatus of claim 11 wherein the OID calculator comprises means forcomputing a document identifier from the encrypted document content anda text string at the publisher site.
 14. The apparatus of claim 11further comprising a decryption engine located at the unsecure site thatdecrypts the distribution archive with the scheduled key, a filedecompressor that extracts the encrypted document content and stores theencrypted document content in a storage located at the unsecure site.15. The apparatus of claim 14 wherein a user at the unsecure locationaccesses the content server from a browser and wherein the apparatusfurther comprises means for downloading a secure viewer program into thebrowser, means for using the viewer program to request a document fromthe content server; means for downloading an encrypted version of therequested document from the content server to the viewer; an OIDcalculator in the viewer that calculates a document identifier from theencrypted version of the requested document and means for sending thedocument identifier to the content server.
 16. The apparatus of claim 15further comprising means for using the document identifier in thecontent server to retrieve a decryption key from the list, means fordownloading the decryption key to the viewer program and means for usingthe downloaded key in the viewer program to decrypt the encryptedversion of the document and present the document to the user.
 17. Theapparatus of claim 11 further comprising a log server that monitorscontent access at the unsecure site and means for creating a log file atthe unsecure site from the monitored activities.
 18. The apparatus ofclaim 17 further comprising means for sending the log file to thepublisher site in return for a distribution archive containing newcontent.
 19. The apparatus of claim 18 further comprising a reportingserver that extracts the contents of the log file at the publisher site,formats the extracted contents and provides a report from the formattedcontents to a reporting client.
 20. The apparatus of claim 17 whereinthe log server comprises means for monitoring user activities includinglogin to the system, registration, creation of a user profile and thereading and printing of selected content documents.
 21. A computerprogram product for rights management of digital content and securedelivery of digital content documents from a publisher site to anunsecure site, the computer program product comprising a computer usablestorage medium having computer readable program code thereon, including:program code for encrypting each digital content document at thepublisher site with a key to generate encrypted document content;program code for computing for each document, from the encrypteddocument content for that document, a document identifier that cannot bederived solely from the encrypted version of the requested document;program code for creating a list of document identifier and decryptionkey pairs; program code for assembling the encrypted document contentfor each content document and the list into a distribution archive;program code for encrypting the distribution archive with a scheduledkey; program code for installing a content server at the unsecure site;and program code for sending the distribution archive from the publishersite to the content server.
 22. The computer program product of claim 21wherein the program code for encrypting each digital content document atthe publisher site comprises program code for compressing each documentbefore encrypting the document.
 23. The computer program product ofclaim 21 wherein the program code for computing a document identifiercomprises program code for computing a document identifier from theencrypted document content and a text string at the publisher site. 24.The computer program product of claim 21 further comprising program codeat the unsecure site, for decrypting the distribution archive with thescheduled key, extracting the encrypted document content and storing theencrypted document content in a storage located at the unsecure site.25. The computer program product of claim 24 wherein a user at theunsecure location accesses the content server from a browser and whereinthe computer program product further comprises: program code fordownloading a secure viewer program into the browser; program code inthe viewer program for requesting a document from the content server;program code for downloading an encrypted version of the requesteddocument from the content server to the viewer; and program code in theviewer for calculating a document identifier from the encrypted versionof the requested document and for sending the document identifier to thecontent server.
 26. The computer program product of claim 25 furthercomprising: program code for using the document identifier in thecontent server to retrieve a decryption key from the list anddownloading the decryption key to the viewer program; and program codefor using the downloaded key in the viewer program to decrypt theencrypted version of the document and present the document to the user.27. The computer program product of claim 21 further comprising: programcode for monitoring content access at the unsecure site; and programcode for creating a log file at the unsecure site from the monitoredactivities.
 28. The computer program product of claim 27 furthercomprising: program code for sending the log file to the publisher sitein return for a distribution archive containing new content.
 29. Thecomputer program product of claim 28 further comprising: program codefor extracting the contents of the log file at the publisher site;program code for formatting the extracted contents and providing areport from the formatted contents to a reporting client.
 30. Thecomputer program product of claim 27 wherein the program code formonitoring content access comprises program code for monitoring useractivities including login to the system, registration, creation of auser profile and the reading and printing of selected content documents.